summaryrefslogtreecommitdiff
path: root/man7/ezjail.7
diff options
context:
space:
mode:
Diffstat (limited to 'man7/ezjail.7')
-rw-r--r--man7/ezjail.740
1 files changed, 37 insertions, 3 deletions
diff --git a/man7/ezjail.7 b/man7/ezjail.7
index 0e87bf5..be258c8 100644
--- a/man7/ezjail.7
+++ b/man7/ezjail.7
@@ -142,6 +142,34 @@ Image jails may also be encrypted using
142or 142or
143.Xr geli 8 , 143.Xr geli 8 ,
144depending on the options given at creation time. 144depending on the options given at creation time.
145.Ss Using ZFS
146To give more precise control over the resources consumed by a jail,
147ezjail allows putting each jail in its own
148.Xr zfs 8
149filesystem. See
150.Sx Jail Creation Examples
151for details.
152.Pp
153Also, ezjail can be configured to install its basejail
154and the accompaning template for all new jails into its own filesystem.
155Set the the
156.Dq Li $ezjail_use_zfs
157variable in your
158.Pa ezjail.conf
159to
160.Dq YES
161before running
162.Nm Cm update
163or
164.Nm Cm install .
165You may also want to configure the destination
166.Xr zpool 8
167using the
168.Dq Li $ezjail_jailzfs
169variable.
170.Pp
171You can use ZFS jails without installing the basejail into its own ZFS
172filesystem and vice versa.
145.Ss Per-Jail options 173.Ss Per-Jail options
146As we saw earlier, a jail is described by a file in 174As we saw earlier, a jail is described by a file in
147.Pa EZJAIL_PREFIX/etc/ezjail/ . 175.Pa EZJAIL_PREFIX/etc/ezjail/ .
@@ -416,7 +444,7 @@ It is possible to set this variable to
416if the administrator wants to temporarily ezjail, or if she doesn't 444if the administrator wants to temporarily ezjail, or if she doesn't
417want the jails to be automatically started on boot. 445want the jails to be automatically started on boot.
418.Pp 446.Pp
419The ezjail system may be reset to a printine state by removing all its 447The ezjail system may be reset to a pristine state by removing all its
420files, that is: 448files, that is:
421.Bl -item -compact 449.Bl -item -compact
422.It 450.It
@@ -570,7 +598,7 @@ in
570An empty directory, 598An empty directory,
571.Pa /usr/jails/sandbox2 , 599.Pa /usr/jails/sandbox2 ,
572will be created, and used as a mount point when starting the jail. 600will be created, and used as a mount point when starting the jail.
573.It Nm Cm create Fl i Fl c Cm bde Fl s Ar 600M sandbox3 10.0.10.5 601.It Nm Cm create Fl c Cm bde Fl s Ar 600M sandbox3 10.0.10.5
574This creates a new file based image jail, with 602This creates a new file based image jail, with
575.Xr gbde 4 603.Xr gbde 4
576encryption. During the gbde creation process you are asked to enter a 604encryption. During the gbde creation process you are asked to enter a
@@ -579,6 +607,11 @@ process. Remember this passphrase, you will be asked for the
579passphrase every time sub-command start is used on this jail. As they 607passphrase every time sub-command start is used on this jail. As they
580require administrator interaction, jails backed by an encrypted file 608require administrator interaction, jails backed by an encrypted file
581are not automatically started when the system boots. 609are not automatically started when the system boots.
610.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 10.0.10.6
611This creates a new zfs filesystem based jail with a default quota of 1
612gigabyte using lzjb compression. It uses the zpool configured in the
613.Dq Li $ezjail_jailzfs
614variable to create the filesystem in.
582.El 615.El
583.Sh FILES 616.Sh FILES
584.Pa EZJAIL_PREFIX/bin/ezjail-admin 617.Pa EZJAIL_PREFIX/bin/ezjail-admin
@@ -596,7 +629,8 @@ are not automatically started when the system boots.
596.Xr ezjail-admin 8 , 629.Xr ezjail-admin 8 ,
597.Xr ezjail.conf 5 , 630.Xr ezjail.conf 5 ,
598.Xr jail 8 , 631.Xr jail 8 ,
599.Xr nullfs 4 . 632.Xr nullfs 4 ,
633.Xr zfs 8 .
600.Pp 634.Pp
601Interesting additional tools include: 635Interesting additional tools include:
602.Dq Li ports-mgmt/jailaudit . 636.Dq Li ports-mgmt/jailaudit .